Currently I have no way to know if my machine is being remotely viewed by our tech support, and would prefer to know, given the massive privacy breach that would entail should this be happening. I am running Mac OS X Snow Leopard.

This question came from our site for system and network administrators.

Note that the below two answers only cover the built-in screen sharing tools in OSX. There are also third party tools that may or may not display any icons at all when somebody is viewing your screen. Vine Server, for instance will not show any indication that it is running or that somebody is connected. As a professional IT admin, my best answer is that, if this is a work owned machine, you probably shouldn't be doing anything with it that requires privacy, as you should expect none.
–
RESPAWNAug 1 '12 at 14:45

6 Answers
6

If your computer is being remotely accessed, it will show a little viewer icon in the menu bar. (Note, I've been using screen sharing since OS X Leopard, and I've never seen the icon noted by de_an777 in his answer.

Go into System Preferences > Shared. Make sure that Screen Sharing and Remote Management (for Apple's Remote Desktop) are both unchecked.

Also, check under Security & Privacy > Firewall and turn the Firewall on. Note the warning. "The firewall will block all sharing services, such as file sharing, screen sharing, iChat Bonjour, and iTunes music sharing. If you want to allow sharing services, click Advanced and deselect the “Block all incoming connections” checkbox."

This will block any incoming screen sharing connection (as well as other services).

To check to make sure that you can't connect to your computer via screen sharing, you can use nmap, a free command line tool for "network discovery and security auditing."

To use it, just type nmap [YOUR IP ADDRESS]

You'll see that nmap reports that the vnc (screen sharing) port is open. After turning off screen sharing and turning on the firewall:

(Note that I've explicitly allowed ssh, printer, and afp sharing in the Firewall.)

The screen sharing icon that appears in my answer is in mountain lion. They have updated the icon, that's why I said that you will see this icon, or something similar to a screen with binoculars depending on your system.
–
de_an777Aug 1 '12 at 12:41

Ah. I see. I didn't notice that you said that.
–
daviesgeekAug 1 '12 at 16:49

Usually, if your mac is being monitored, if will show this image in the top right hand corner near your time:

When that symbol appears, or a symbol that looks very similar to it, like a screen with binoculars in it, it depends on your system , you will be able to tell if you are being monitored. You can also disconnect the viewer like so:

Also, if you have access to your settings with an administrative account you can go to:

System Preferences > Sharing

Make sure Remote Management is Off and that Screen Sharing is Off. If both of these are off then you can not Remote Control/View the Mac over the network through VNC.

If you have access to the command line, then 'netstat -n' will show the active network connections at the top of the list. The local port should be 5900, so you would be looking under "Local Addresses" for a connection with your machine's IP address and a ".5900". The "Foreign Address" will be the IP address of the machine doing the monitoring.

Note that the company can lock you out of the command line as well, if this is a centrally managed machine, and/or log your use of applications on the machine.

Not that you asked, but I don't know if it is reasonable to have any expectations of privacy on a company owned machine. :-)

I guess the problem with the other two answers is that you may not notice the icon in the top right corner of your screen.

What you need is an app that alerts you about any new connections. Little Snitch does this. Whenever a new connection is trying to be made with your computer, little snitch pops up and asks you if you want to allow it or deny once or forever. Really simple and useful app. Can be a bit of a pain at first until you get rules in place for all your applications that access the internet but you'll find after a day or two it won't bother you very often at all.

I don't see an answer in this question, you might could improve your reply with a more detailed answer instead of a "I've had the same", as that is no answer unfortunately.
–
RobFeb 28 '14 at 8:37

@Robuust No idea what you're talking about. I've explicitly pointed out a checkbox that directly relates to the question being asked, a checkbox no one else has brought up. The 'I've had the same' is providing a bit of context, no harm in that.
–
nzcoopsMar 20 '14 at 6:03

Unless you are a lawyer and you live in the same country as the OP, please don't speculate.
–
TetsujinNov 22 '14 at 19:45

@Tetsujin: there's no speculation whatsoever, he clearly stated fact. If it's not your equipment, there's no expectation of privacy, the company is entitled to remotely view, manage, etc to their hearts content. In fact the biggest issue with some of the answers in this thread is instructing users to go in and change settings their company put in place, which is grounds for termination at some places, and generally a personnel / HR issue most places.Just like the fact that while you think what sites you're viewing are hidden in 'incognito mode' in chrome or similar, it's all still going throug
–
Chris DarbroDec 10 '14 at 23:25

There are several ways this could be a privacy issue. First, the assumption that is being made is that the person monitoring you is doing so with the blessing of the company that owns the machine. What if the monitoring is being done by someone without the authority to do so or worse with ill intent towards you or the company? What if the acceptable use policy would prevent someone from monitoring your use? Pull at either of those threads to find a laundry list of exceptions to your assumption that coloring inside the lines implies no trouble will befall you and you have nothing to worry about
–
user105779Dec 22 '14 at 21:40